National Threat Assessment Center - Insider Threat Study

In August 2004, the U.S. Secret Service and Carnegie Mellon University Software Engineering Institute's CERT® Coordination Center (CERT/CC) announced the findings of the first Insider Threat Study report, a collaborative effort to better understand insider activities affecting information systems and data in critical infrastructure sectors.

The first report focuses on the people who have had access to and have perpetrated harm using information systems in the banking and finance sector, which includes credit unions and financial institutions. This study, made possible by significant financial support from the Department of Homeland Security's Science and Technology Directorate, is the first of its kind to provide a comprehensive analysis of insider actions by analyzing both the behavioral and technical aspects of the threats.

The findings underscore the importance of organizations' technology, policies and procedures in securing their networks against insider threats, as most of the cases showcased in the report were perpetrated by insiders with minimal technical skills. Various proactive practices are among the suggestions offered by the report.

About the Insider Threat Study

The Insider Threat Study is one component of an ongoing partnership between the Secret Service's National Threat Assessment Center and the Software Engineering Institute's CERT® Coordination Center, designed to develop information to help private industry, government, and law enforcement better understand, detect and ultimately prevent harmful insider activity.

The definition of an insider for this study includes current, former, or contract employees of an organization. The cases analyzed in the Insider Threat Study involve incidents in which an insider intentionally exceeded or misused an authorized level of system access in a manner that affected the organization's data, daily business operations, or system security, or involved other harm perpetrated via a computer.

For the Insider Threat Study, researchers from the Secret Service and CERT/CC have focused on identifying the physical and online behaviors and communications that insiders engaged in before the incidents, as well as how the incidents were eventually executed and detected, and how the insider was identified. This approach addresses a broader phenomenon than previous studies on the topic of insider activity.